Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

A draft defense authorizing act in Congress includes wording plugging open source software. It seems both cost and software security were considerations. This is an important victory for open source. "It's rare to see a concept as technical as open-source software in a federal funding bill. But the House's proposed National Defense Authorization Act for Fiscal Year 2009 (H.R. 5658) includes language that calls for military services to consider open-source software when procuring manned or unmanned aerial vehicles."

I work together with people that work with real-time control systems (mostly for particle physics data aquisition, ALICE detector at CERN). They say "OS? Linux, of-cource! WxWorks is not much used, to much hassle)

Notably, ALICE has a lot of "onboard" Linux computers (with onboard FPGA's I think). This is possible in this experiment, as the radiation levels are much lower than ATLAS and CMS - but there is much more data per collision, so they need fast and smart triggers as close to the metal as possible.

My guess is what you have here is a good indication that some company had enough money to fund a lobbyist to push for this to help them in the future since they use FOSS in their product. Not new insight or greater education on the part of law makers.

My guess is what you have here is a good indication that some company had enough money to fund a lobbyist to push for this to help them in the future since they use FOSS in their product. That could be, it is still a very good thing.

... some company had enough money to fund a lobbyist to push for this to help them in the future since they use FOSS in their product.

Or perhaps some of the security guys got through to them, and hit them with the rather old observation that if you have any security concerns, you don't run any software unless you have all its source. And you've compiled it yourself.

It's sorta bizarre that this would even be a question with the military. Would they buy a vehicle or weapon with "no user-serviceable parts"?

not likely. $700 is practically nothing. ever see how much money the military spends on printer cartridges?
it's more likely that OSS is easier to switch vendors later on without getting locked into an expensive position.

No, they are probably realising that $700 needs to come from somewhere so they might as well use open source software instead of buying licenses.

Except that the kind of software in the bill in question is rarely licensed - it's tactical software, not admin software. Specialized tactical software is usually purchased outright. (Not to mention that the Federal Government undoubtedly gets significant discounts from vendors for per seat licenses and support.)

That being said, there's much less here than meets the eye. Like many other extremely specialized problem domains, there almost certainly isn't any FOSS to be considered for use. This goes double since this almost certainly is an embedded system, not a PC, with the operating hardware, computer hardware, OS, and applications tightly bound and integrated. (In the systems like this I worked on while I was in the Navy, the line between OS and application was a wide grey area - in some ways they were virtually the same.)

There are no commercial usage clauses in any version of the GPL. The OSI and FSF agree that free or open source licenses, respectively, should never have any sort of usage clause in them. Richard Stallman has publicly encouraged everybody to find ways to profit off free software.

There are terms in some free and open source licenses that make certain business models impractical, but nothing that would restrict any area of use.

The OSI and FSF agree that free or open source licenses, respectively, should never have any sort of usage clause in them. Richard Stallman has publicly encouraged everybody to find ways to profit off free software.

The OSI and FSF agree that free or open source licenses, respectively, should never have any sort of usage clause in them. Richard Stallman has publicly encouraged everybody to find ways to profit off free software.

Profit is not everything. My little project [virtual-estates.net] may be for sale, but I will not sell to anyone owning a Che Guevara T-shirt, for example.

If the Government uses open source code that is under the GPL license, and modifies it to include some security or other feature that is considered to be under the umbrella of "National Security", are they required to provide the source code to terrorists so they can attempt to crack it?

are they required to provide the source code to terrorists so they can attempt to crack it?

From my understanding of the GPL, this would only be true if the government is distributing the modified binaries to the terrorists. If the changes are internal-use only, there isn't a GPL conflict by not distributing the modified source.

From my understanding of the GPL, this would only be true if the government is distributing the modified binaries to the terrorists. If the changes are internal-use only, there isn't a GPL conflict by not distributing the modified source.

I'm sure that they will be "distributing modified binaries to terrorists" at about 500 MPH:)

If they drop a smart bomb on someone that uses open source software in its circuitry, I'm guessing that's much like running GPL code on your webserver, and considered internal use only. Now if they use code under the Affero GPL [fsf.org], that could be interesting!

From my understanding of the GPL, this would only be true if the government is distributing the modified binaries to the terrorists.

The US air force drops a bomb on my wedding party in the belief that it is a terrorist training camp. The bomb is a dud, and it fails to explode. I now have in my possession an unexploded bomb with embedded, Pentagon-modified GPL software.

Are the Pentagon now required to furnish me with a machine-readable copy of their source code?

This is a big deal with FOSS code in the military sector. Whoever leverages the code (read is familiar with the license) is not the person who "owns" the code, nor is likely even remotely influential about its release. Essentially anything that binds you to contribute modifications back to the community is right out. It isn't the contractor's code to release, it isn't truely the military's code to release (although they have procedures for it), it is the taxpayers' code. Because of that there is a bunch

If the Government uses open source code that is under the GPL license, and modifies it to include some security or other feature that is considered to be under the umbrella of "National Security", are they required to provide the source code to terrorists so they can attempt to crack it?

Depends. If my company uses OSS in an internal application, I don't have to release the changes back to the public. But, if my company were to distribute a product that uses it we'd have to provide source code.

I'm assuming that the military would not have to release source code in UAV's because they tend to get those products back and therefore it would be an internal product or application. They'd have to release the source for any bombs or missiles though because they are delivering that product to the public.

I'm assuming that the military would not have to release source code in UAV's because they tend to get those products back and therefore it would be an internal product or application. They'd have to release the source for any bombs or missiles though because they are delivering that product to the public.

No, you're mistaken. The source for bombs or missles is part of the delivery system, much like the source code in a UPS driver's tablet computer, it is not intended to be consumed by the public. The appl

This is the US Military. If they decide to use your software, you ASK THEM NICELY to follow the copyright terms.

They have an awful big club to wield in all three branches of government... You could well see The President being awoken at 3am to order Congress into an emergency session, all to pass a law that says the GPL doesn't apply to the US Military

Just ask Marconi... He decided the US Mil should pay patent license fees to him, on all those radios they used

The government has sovereign immunity. Except where the feds (even the states) explicitly permit lawsuits, they cannot be sued. Congress has not abrogated sovereign immunity over copyright infringement. Thus the Feds can violate the GPL with impunity.

The real question is what company is trying to sell UAVs to the government, and is offering open source. My guess is one of the small Israeli companies managed to get this put in the appropriations bill to help them.

In order to try saving money, they'll probably do something really stupid that will end up costing them money.
Like setup a Linux environment, and realize they have some old, critical, archaic, crappy piece of software that only runs on Windows NT.
So they'll get some virutualization software inorder to run Windows on their new Linux servers in order to get that old app running.
So they'll virtualize a bunch of old NT boxes, only to find out app doesn't work well when running on virtualized Windows.
So then they have to install new Server 2008 boxes to run the old app, only to find out the old version of that app won't run on Windows versions newer than NT 3.5.
So now they pay millions for a new version of said critical app.
Then they realized the new version of the app has a Linux version.
Then some figures out that the old app could have run under WINE.

It's rare to see a concept as technical as open-source software in a federal funding bill.

Open Source is a legal and business concept. You'd hope that a few hundred lawyers would be able to figure that one out.

I'm guessing the editors/writers (and maybe readers) of Government Computer News don't get out much. Federal funding and appropriations bills routinely address technical issues in the manner they do here.

I already see some misunderstanding in other threads in this conversation. (a) people say the military won't give back the changes they make to GPL software. (b) people say that because it is GPL, the "bad guys" will get it.

For the first point, the GPL does not require changes to be merged back into the main development area. It allows (and encourages) projects to FORK the source code into new projects when different applications are desired. This keeps the original projects clean from "feature creep" and gives the different (competing) development teams control of their own development. The limitation that the GPL imposes is that if an organization wants to DISTRIBUTE the executable versions of their software, they would need to include an offer to distribute the source as well. Since it is not in the US military's interest to distribute their software, there is no real concern of (b) the "bad guys" getting the software.

In that vain, the "bad guys" would have access to the baseline version if they can figure out what software has been forked into military applications. If the US military is foolish enough to operate this using defaults that are hackable, then it serves them right. I personally think that they are more qualified than that.

A last concern is (c) THIS IS BEING FUNDED BY TAXPAYER MONEY AND IT SHOULD BE OWNED BY THE TAXPAYERS. This is false. I mean, the funding does come from taxes, but the public has no more of a claim for software that is developed for military applications using FOSS software than they do over the software, hardware, and designs of any other piece of military equipment ever designed. These instruments are created for the purpose of providing national security. If the designs were made public, then security WOULD be compromised. Ergo, in the interests of national security it's important for that information to be kept private.

Final point, the GPR (Government Purpose Rights) license. This is a thinly veiled government source license that I have seen the military force on subcontractors in recent years to force Boeing, Lockheed, and all the rest to "play nice". The GPR license is a requirement on contracts so that the government gains the right to send software developed by Lockheed over to Boeing for further analysis. Believe it or not, frequently in legacy codebases you see "Proprietary of XYZ Corporation" and for the most part the government tries to acknowledge these rights. However, they realize that many things are developed over and over again by different companies because they are prevented from leveraging off of each others work (at the cost of the taxpayers). It is encouraging, therefore, to see the government prevent this with GPR.

More to the point is that military developments almost without fail make it into the public if they have a significant public use. Flight, radar, medicine, etc. Hell, the military has probably had the best return on investment of any government run endeavor. So many people bitch about the military, but it was military members that were first putting their lives at risk testing things like supersonic aircraft and space travel. Guess who had the joy of being the human guinea pigs for things like the Anthrax vaccines.

If you really wanna bitch DARPA will take their internet and go home...

For the first point, the GPL does not require changes to be merged back into the main development area. It allows (and encourages) projects to FORK the source code into new projects when different applications are desired.

Note the emphasized bit. I'm certainly not aware of this. Forking might be unavoidable in some cases, but as far as I know the GPL (the license) doesn't actually have an opinion on the matter.

So, you're saying that if the contractors give their binaries to the government, they also have to give the source to the government under the terms of the GPL.

That sounds completely reasonable - I don't see how it would rule out the use of GPL'd source. Frankly I'd be a bit surprised if the government *doesn't* get copies of the source code as deliverables when paying for avionics systems, weapons, military logistics packages etc etc!

I don't know about the other services, but the Army has been using FOSS for years, especially Linux. They already have UAVs running embedded Linux, and they have worked for years, successfully, I might add, to make their web sites compatible with different platforms. I have been using Linux as my primary OS since 2000 and never had any problem using an Army site. This is just so some Congress Critters can court the geek vote by claiming to push FOSS in an environment where it is already widely used. There w

I look at this and wonder why open-source has to be specifically endorsed by congress for the military to consider it. The military should consider technologies based on their merits. Does Congress need to pass a bill that endorses C++ applications, or closed-source applications? Military and government have used open source software for years with things like SE Linux. I won't complain about the text being in there, but it is indicative of the wrong mind set.

If you read the bill - as I have for the past 15 minutes - you wil learn that most of it is about "open source intelligence", which gets discussed as ways to gather info from publicly-available sources: websites, chat rooms, etc.

Open source software code is also included, but does not appear to be the main focus. Additionally, I would expect that for national security reasons, the govt. may slurp open source tools into their mix, but I would not expect them to share much. I do believe they may be exempt fro

There is a LOT of government written code available. In fact many of the biggest and most complex free software systems were developed and given away by the US government. It's just that they typically do not write word processors and games so your typical home user does not see it.

Most all the software I develop goes to the US government, mostly the DoD. I've been using Open Source for well over 20 years now. I don't think it was called "open source" back then but still much of it was.

You have to remember that government contractors and universities had access to the Internet starting back in the late 1970's and were on USNET long before there was a web.

I'm certain that the government and military were the second users of open source universities being the first users. Only after the web got popular did open source spread out into the rest of the world.

This is actually a far bigger deal than just some minor win for the open source. Most people don't understand that government software projects are their own huge industry. Whenever the military has a need for a specific application that doesn't exist (or even sometimes does), they solicit bids for the solution. These solutions are often something that many of us here can whip up in a weekend of hard coding, but because of the way government projects work, the company who wins the bid usually complicates th

Wrong, TFA is about open source software, something the services have been working on for years. The F-35 has open source software for the displays, the Navy CIO has already endorsed open source software, the Army is incoporating it into the Land Warrior program, etc. Congress (and by extension/. by posting this) is behind the power curve, hence my original point stands, it's Old News.

There was never anything actually preventing Government developers from considering Open Source previously. This will simply remind some Dev Managers that the option exists, even though their actual developers have probably been using it for years.
The side effects of this bill will most likely bring out Microsoft's and other proprietary software house's lobbyists out of the woodwork. They've only painted another target.

Only to a limited sense. The US Government tends to contract many software solutions to the big defense contractors. Those contractors have already been using open source software as part of their solutions. All this does is reaffirm the option of allowing it as a component.
Software vendors will now need ways to differentiate their offerings to those who provide solutions to US Government agencies. I imagine we'll see more "partnerships" (not that they don't happen now) that will influence solutions. I can't count the number of projects I've worked on where as a developer you say "open source product A would work great" but the manager says "we're using commercial product B". Many trade studies we use internally often lack open source solutions too unfortunately.

Actually it does a bit more for them than that - it makes it easier and less risky for them to use it.

For software to be approved for use on US Government systems it has to be tested JITC, SPAWAR, and similar agencies (depending on the target system), and there are a lot of factors that are taken into consideration. Should it pass, this would make it a lot easier to get open source solutions through those agencies since there would now be a legal mandate to help push them. It would also reduce the risk a

There was plenty preventing the use of open source. There was a desire to have MS Windows and MS Office no matter what, because that's what the users knew. There were political motivations. There was also this pervasive thinking that "you get what you pay for", therefore commercial software was inherently superior to freely available open source. Free software really throws government budgeting folks for a loop, and they will actually demand commercial software seemingly just so that they have expenses

I have to agree with the others; especially since Red Hat's Enterprise Linux (RHEL) used by the US government is rated at the same level as Trusted Solaris, which is at the highest level achievable by COTS software. Not even Microsoft can claim that with any version of Windows (past or present). I think Novell's SuSE (SLES) is similarly rated - RHEL and SLES were going back and forth for a while with who had the higher rating.

I worked as a government contractor for a while. I saw all this. I heard government employees and contractors give all those reasons I related. Can you say the same, Mr. AC? Granted, that particular outfit was pretty sleazy, and it's been a few years. I hope most of the many, many other departments within the government are more reasonable.

Of course software and even individual lines of code come from all over the world. You missed the point. If they didn't like the software for whatever reason, it

From a non-USA point of view, I think this is a great step for open source solutions, but more for software in general.

It's been know that whatever the US military puts their hands on, that can grow to a great size. The whole Arpanet->Internet analogy may or may not be flawed for this. A lot of innovation comes from military funded projects.

The open source model is a great source (no pun intended) of innovation and combining those two points could lead to a massive step forward.

Not so much the desktop, maybe, but we could be approaching the decade of (Free) Software Defined Radio (SDR).

Note that the Software Communications Architecture (SCA) uses CORBA (Common Object Request Broker Architecture) and POSIX (Portable Operating System Interface, a name RMS coined "in response to an IEEE request for a memorable name"), and while its of military origin (and currently used by the US/UN Joint Tactical Radio System JTRS) its also under commercial evaluation. The Object Management Gro

It's been getting worse lately. A lot of papers are cutting back, and the first people to go are copy editors. That's why the spelling and grammar of the average newspaper has been declining into "USA Today"-like territory.

I'm not quite sure why this was labeled as flamebait. It wasn't meant that way... I'm just rather sad that the state of editing in general (not just Slashdot) has slipped to such a great degree. I regularly find and cringe at overlooked spelling and MAJOR grammatical errors in all sorts of media. I find that seeing them in fiction books is the worst though, as it really interrupts the story. It's almost as if an M-80 went off in the same room or something.

We'll see what happens to his small business after the BSA [bsa.org] raids and trashes his outfit because he used 2 pirated copies of Windows unwittingly installed by the Geek Squad tech who fixed his computers.

Hmm, the BSA vs. the military(yes, they use a LOT of Windows boxes and cannot possibly keep track of all those licenses) would be an amusing cage match.

Yeah, 'cause that's what this is about -- the government FORCING open source. Try to at least read TFS. And maybe you just need to cut a few more corners before you don't have to worry about your job going to India!